This document provides homogeneous, scalable security incident response procedures to ease collaboration in the event of a security incident impacting multiple, distinct organisations. This capability has been identified by Research Communities as a prerequisite for the widespread adoption of federated identity management. To support the procedures, this document contains background information on the concepts and processes required for security incident response in a federated environment.
The Sirtfi framework will form the basis of such a procedure; the Sirtfi mechanism and consultation model are (briefly) recapitulated in this document, and the same model will be used to obtain a global rough consensus on security incident response for federated incidents.
The document contains a detailed proposal for coordinated response: this model should be considered as the basis for discussion in the REFEDS Sirtfi group. It is based on experience with handling actual incidents, and as such contains detailed recommendations. Yet it is also meant to be open for discussion as the global community participates in the endeavour.
Final Version: https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf
Previous Document versions: